What are the key drivers of IAM?
- Improved security
- Audit and compliance
- Operational efficiency
- Business enablement
What is an Identity in IDM? (L1) – IDM Concepts?
Identity is unique, should be identifiable.
Identity is a collection of characteristics by which a person is identified.
Users are those who have access to systems and identity information.
What is a connector?
Connector is a mediator between Other systems and Sailpoint repository. Connector helps to import data into Sailpoint database from other systems and vice versa.
What is meant by exclusion rule?
Exclusion rule is written for certification to exclude some of the identities with specific attribute to be left out of certification. For e.g. To exclude an identity which is from a particular department, we can write an exclusion rule in Sailpoint.
Name the main Stages of Identity Life Cycle in typical IDM?
New User Creation or On boarding
Account Maintenance – Password management, Role addition etc.
Departing user or termination or Off-boarding
Difference between Scope and Capability in Sailpoint?
Capabilities control the actions that a user can perform and which menu options are available
Scoping controls which objects a user can act upon and which objects are available
Both affect what the user can see in IdentityIQ
What does SSO mean?
Single Sign On is a property of access control of multiple related, but independent software systems. With this property a user logs in with a single user login to gain access to connected systems without being prompted for different usernames or passwords or in some configurations seamlessly sign on to all system.
What are the differences between Authentication and Authorization?
Authentication – Process of determining the identity of a user that is attempting to access a system
Who is the user?
· Is the user really who he/she represents himself to be?
Authorization – Process of determining what types of activities are permitted. Usually, authorization is in the context of an authenticated identity
· Is user X authorized to access resource D?
· Is user X authorized to perform operation J?
· Is user X authorized to perform operation D on resource J?
What is Sailpoint Identity Cube?
Term to refer to each unique identity stored in IdentityIQ repository
Stores all information known about an identity (Employee/Consultant/User)
Examples: * Identity Attributes * Application Accounts * Entitlements/Roles * History * Risk Score * Policy Violations * User Rights (Capabilities/Scoping)
What is Scoping in Sailpoint?
· Subdividing data into logical groups and granting access based on those subdivisions.
· Any IIQ object can have Assigned scopes: o Application, Identity, Role etc
· User can have authorized Access.
What are the different types of roles in IIQ?
- By default, there are four types of roles configured in IdentityIQ:
- Organizational: organize the roles in the IdentityIQ UI for easier management
- Business: identify job functions or titles
- IT: encapsulate sets of system entitlements
- Entitlement: represent individual system entitlements
Custom role types can be created to model a structure that doesn’t easily fit into the IdentityIQ default model. In addition, the existing role types can be configured to function differently from their default behaviours.
How is an organization represented in Sailpoint??
Organization is represented in Sailpoint By integrating all the systems / target systems of that particular organization in Sailpoint
What is data merging during application configuration? Which applications support the data merging feature?
Data merging is a connector level feature available in delimited and JDBC type of applications. Multiple entries of data are merged during aggregation. Which columns to be merged and which is the unique identifier needs to be configured.
What is a Governance Platform, and what is a Compliance Manager?
This is one of the top Sailpoint interview questions that deal with the ground-level architecture of Sailpoint. Governance Platform is one that supports the centralization of identity data, business policy, risk modeling, and roles for supporting user lifecycle and compliance initiatives. The Compliance Manager is responsible for streamlining the compliance controls and improvement of audit performance with automated policy enforcement and automated access certifications.
What is Identity Intelligence?
Candidates could find this entry among most common Sailpoint interview questions. Identity Intelligence can transform technical identity data from multiple enterprise systems for creating a centralized and business-centric, easily understandable information such as reports and dashboards.
What is the Audit Configuration?
This Sailpoint interview question is also one of the common entries you can find from various sources. Audit Configuration page on Sailpoint helps in specifying actions collected for different audit logs. The system administrator has to specify actions subjected to audit because of the impact of collecting and storing even information in audit logs on performance.
Generally, candidates will encounter this entry among Sailpoint interview questions related to IdentityIQ. Prior to the collection of any data by audit logs for use in audit search, the configuration of IdentityIQ for auditing is mandatory.
What type of actions can you find on the Audit Configuration page of Sailpoint IdentityIQ?
This is one of the follow-up Sailpoint IAM interview questions, which can be very simple yet confusing. The response should be quite straightforward, and candidates can express the answer in specific categories. First of all, the General Actions or the typical actions that you perform while using IdentityIQ, such as signing off on a certification. The second group of actions refers to Link Attribute Changes or the modifications made for any assigned link attributes.
The next group of actions refers to the Identity Attribute Changes or the modifications to assigned capabilities, roles, authorized scopes, changes to the password, and controlled scopes. Class Actions are also included in the Audit Configuration page. The Class Actions are actions on the underlying classes you use for configuring operations of IdentityIQ, such as editing a role or creating a policy.
How is Sailpoint Cloud Identity Management Solution better?
Candidates should always prepare for this entry among best Sailpoint interview questions and answers. The effectiveness of Sailpoint in identity management relies on different aspects related to the software. The data storage and backup of Sailpoint provide higher security. In addition, users can find management abilities that don’t trade off-server capabilities. The inbuilt sandboxing features of Sailpoint also help users in saving a lot of costs and efforts related to the management of data on the cloud.
In which cloud models can you apply Sailpoint solutions directly?
Candidates will find this entry among the latest Sailpoint interview questions. The answer suggests that Sailpoint supports all cloud models such as private cloud, hybrid cloud, community cloud, and public cloud. On the other hand, you should also state that the installation and implementation of Sailpoint on different cloud models can be different.
Why should an enterprise choose Sailpoint for identity management?
The benefits of Sailpoint are not the only response to such Sailpoint interview questions. You have to state information about the different innovations in identity management that Sailpoint introduces. Sailpoint provides a risk-based approach to identity management along with a unified architecture.
The other notable factors in choosing Sailpoint for identity management include innovations in centralized governance throughout cloud environments and data centers. In addition, Sailpoint also provides higher flexibility with last-mile provisioning with the assurance of higher scalability and performance.
What are the different types of provisioning?
Candidates can find this entry commonly among new Sailpoint interview questions. The answer would include a description of the three types of provisioning, such as automated provisioning, workflow-based provisioning, and self-service provisioning.
Automated provisioning involves the detection of new user records from the HR system or Authoritative Source and then automatically provisioning the users with relevant access on-target applications. Workflow-based provisioning involves the collection of required approvals from designated approvers prior to granting access to data or an application to a user.
Difference between workgroups and populations?
Groups — used to track accessibility, activity, and monitor risk by group membership. Risk scores are displayed on the Home Page. Groups are defined automatically by values assigned to identity attributes.
Populations — are query-based groups created from the results of searches run from the Identity Search page. Searches that result in interesting populations of identities can, optionally, be saved as populations for reuse within IdentityIQ.
Populations are similar to groups, except that they are driven off of multiple search criteria whereas Groups are statically defined based on a single Identity attribute. These groups themselves are not dynamic. You must run the Refresh Groups task periodically to update them. Between runs of Refresh Groups, the groups themselves remain static, but the membership is always based on a dynamic query.
Note: Populations are dynamic queries, so every time you view a population, you are viewing its current members then.